
Resolving an sshd startup failure on Linux: a case study

Today a Redhat Linux AS4 machine developed a problem: ssh connections to it failed.

Checking the log (the /var/log/secure file) showed the following errors:

sshd[3862]: error: Bind to port 22 on 0.0.0.0 failed: Address already in use.
sshd[3862]: fatal: Cannot bind any address.
sshd[3879]: error: Bind to port 22 on 0.0.0.0 failed: Address already in use.
sshd[3879]: fatal: Cannot bind any address.

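The messages indicate that port 22 is already in use, so the bind failed.

Similar cases can be found online, and the usual explanation is a conflict between IPv4 and IPv6 at startup.
The /etc/ssh/sshd_config file contains the following settings: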

ListenAddress 0.0.0.0
ListenAddress ::

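Here 0.0.0.0 is the IPv4 address and :: is the IPv6 notation. If the IPv4 address binds port 22, the subsequent bind fails. The usual advice is that if IPv6 is not in use, the second line can be commented out.

Our problem was not that simple, however, because by default both of the lines above are already commented out.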

Check the ports and services open on the system:

[root@cmjp1 ~]# nmap -sT -O localhost

Starting nmap 3.70 ( http://www.insecure.org/nmap/ ) at 2006-11-15 14:00 CST
Insufficient responses for TCP sequencing (3), OS detection may be less accurate
Interesting ports on cmjp1.hurray.com.cn (127.0.0.1):
(The 1655 ports scanned but not shown below are in state: closed)
PORT STATE SERVICE
22/tcp open ssh
25/tcp open smtp
111/tcp open rpcbind
631/tcp open ipp
873/tcp open rsync
Device type: general purpose
Running: Linux 2.4.X|2.5.X|2.6.X
OS details: Linux 2.4.0 - 2.5.20, Gentoo 1.2 linux (Kernel 2.4.19-gentoo-rc5), Linux 2.4.20,
Linux 2.4.20 - 2.4.22 w/grsecurity.org patch, Linux 2.5.25 - 2.6.3 or Gentoo 1.2
Linux 2.4.19 rc1-rc7)
Uptime 0.089 days (since Wed Nov 15 11:52:15 2006)

Nmap run completed -- 1 IP address (1 host up) scanned in 2.199 seconds

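Port 22 is shown as open, yet clients cannot connect over the ssh protocol.

Another symptom observed on the system: even when ssh is used as a client to reach a remote host, the connection fails: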

[root@cmjp ~]# ssh root@172.16.33.130
The authenticity of host '172.16.33.130 (172.16.33.130)' can't be established.
RSA key fingerprint is 20:7c:8e:15:19:f7:e7:0c:5d:ce:6f:1c:c6:de:f2:0b.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '172.16.33.130' (RSA) to the list of known hosts.
root@172.16.33.130's password:
Segmentation fault

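A segmentation fault most likely means the application itself is faulty, resulting in an invalid pointer access. Reinstalling the sshd program finally resolved the problem.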

-The End-



By eygle on 2006-11-15 13:49 | Comments (2) | System | 967 |

2 Comments

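Use netstat -tnlp to check whether it is sshd that opened port 22.

On most servers this error is purely a configuration problem, and turning off the IPv6 listener is enough. But being unable to connect to remote servers is probably related to a damaged application.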

#cat /etc/ssh/sshd_config
......
#Port 22
#Protocol 2,1
#ListenAddress 0.0.0.0
#ListenAddress ::
......
#service sshd restart
#cat /var/log/secure
......
Dec 3 11:10:19 localhost sshd[25953]: Server listening on :: port 22.
Dec 3 11:10:19 localhost sshd[25953]: error: Bind to port 22 on 0.0.0.0 failed: Address already in use.
......

After modifying the configuration:

#cat /etc/ssh/sshd_config
......
Port 22
#Protocol 2,1
ListenAddress 0.0.0.0
#ListenAddress ::
......

#service sshd restart
#cat /var/log/secure
......
Dec 3 11:10:43 localhost sshd[25968]: Server listening on 0.0.0.0 port 22.
......


